Ulwazi luye lwadalulwa mayelana nokuba sengozini kuplathifomu ye-webOS evulekile engasetshenziswa ukuthola ukufinyelela kuma-API akhethekile wezinga eliphansi lemvelo yesistimu yama-LG TV namanye amadivayisi asekelwe kule nkundla. Ukuhlasela kwenziwa ngokwethulwa kohlelo lokusebenza olungenazihibe olusebenzisa ubungozi ngokufinyelela ama-API angaphakathi, futhi likuvumela ukuthi ubhale phezu/ufunde amafayela angadingeki noma wenze ezinye izenzo ezivunyelwe ama-API wesistimu.
Esokuqala sobungozi obuhlonziwe bukuvumela ukuthi weqe imikhawulo yokufinyelela ku-API Yesiphathi Sezaziso, futhi okwesibili ikuvumela ukuthi usebenzise Isiphathi Sesaziso ukuze ufinyelele amanye ama-API angaphakathi angafinyeleleki ngokuqondile kuhlelo lokusebenza lomsebenzisi. Izihlonzi ze-CVE azikanikezwa ezindabeni. Amandla okuxhaphaza ubungozi ahlolwe ku-LG 65SM8500PLA TV ene-firmware esekelwe ku-webOS TV 05.10.30.
Ingqikithi yokuba sengozini kokuqala ukuthi, ngokuzenzakalelayo, ukuthumela izaziso ku-webOS kuvunyelwe ezinsizeni zesistimu kuphela, kodwa lo mkhawulo ungeqiwa futhi isaziso singathunyelwa sivela kuhlelo lokusebenza olungenanjongo kusetshenziswa umyalo we-luna-send-pub (com.webos .lunasendpub). Ukuba sengozini kwesibili kuhlobene nokuthi ngokubiza i-API ngokuthi “luna://com.webos.notification/createAlert” ngokuchofoza, ukuvala noma ukuhluleka kwepharamitha, ungaqalisa noma yisiphi isibambi futhi, isibonelo, ushayele isistimu yesiphathi sokulanda. service, evunyelwe kuphela ukuthi yethulwe izinhlelo zokusebenza ezinelungelo zokulanda nokugcina amafayela angenasizathu.
Source: opennet.ru